Object storage helps with ransomware protection

Object storage that supports immutability or versioning can ensure a faster and easier recovery from ransomware attacks.

As businesses become more data dependent, digital information assets have become inherently more valuable. And for all the good that data enables, this increased value has brought out some unsavory behavior, with the recent string of high-profile security breaches just the tip of the iceberg.

As a response, executives are shifting their focus and more of their IT budgets to cybersecurity. In Enterprise Strategy Group's 2017 study of IT spending intentions, for example, respondents identified cybersecurity as the most common initiative to drive technology spending over the next 12 months. To put this in perceptive, cost reduction projects came in second. In other words, in an age of rising cybercrime, data security comes first; everything else, including "reducing the IT budget," follows.

Often the focus of IT security centers on network or endpoint protection, infrastructure technologies such as enterprise storage offer features that can help round out the data security story, but often that conversation begins and ends with data-at-rest encryption.

There are exceptions. For example, recently, a converged infrastructure storage startup, Datrium, announced the ability to deliver encryption for data at rest and for data in flight. Encrypting data on storage infrastructure offers benefits but has limitations. These technologies help protect data from physical theft of storage media or systems or access to the data when storage equipment is retired or discarded. Data in flight, meanwhile, helps protect information in the event someone attempts to sniff the network. Again, encryption is helpful but only one part of the protection equation.

Now, what about when someone isn't trying to steal information? What if they just want to prevent you from accessing it? What about ransomware and ransomware protection?

The scourge of ransomware

The object of ransomware isn't to steal data; it is to make it inaccessible until the demands, usually in the form of a hefty payment, are met. Unfortunately, ransomware attacks have become commonplace. According to the United States Department of Homeland Security webpage on the subject, "On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016." In other words, it is a big problem, and addressing it requires a multifaceted approach. When it comes to ransomware protection, data-at-rest or in-flight encryption offers little help. There is, however, another option. Certain object storage systems have found a way to provide an added layer of ransomware protection.

(Some) object storage to the rescue

While this is not the case with every object storage product, some such as the Hitachi Content Platform (HCP) from Hitachi Data Systems (HDS) support a feature often referred to as object versioning. Object versioning can dramatically reduce the cost of recovering from a ransomware attack.

This ability stems from a key architectural element found in object storage systems designed for write once, read many (WORM) environments. With these architectures, files, or objects, become immutable once written, with updates to the object stored not as changes but as new versions, while the previous version is retained as well. Initially intended to help meet compliance requirements, such as the Health Insurance Portability and Accountability Act, as well as to provide added protection against accidental deletions, this capability is now being used as an added layer of ransomware protection. When the malware encrypts data, storage perceives this action as simply another file change, or write, request.

With ransomware, the object isn't to steal data; it is to make it inaccessible until the demands, usually in the form of a hefty payment, are met.

With other types of storage systems, such as file or block-based storage, the write modifies existing data. So in the case of ransomware, data can be held hostage until demands are met. With an immutable object storage system leveraging versioning, however, the original file doesn't change. Storage instead creates and stores another version.

To recover from the ransomware's encryption, the storage admin simply sends out a command to roll affected objects back to their previous versions. The restoration is much faster, simpler and less costly than restoring data from a backup copy, be it on disk, SSD or tape.

This capability to store data as immutable objects isn't available on every object storage system, however, and when it's offered, it only applies to data that resides on the object storage system and not the rest of the data center. It, therefore, does not deliver complete protection -- although it still offers a powerful tool that can significantly reduce the cost of recovery. This capability can be incredibly valuable for industries that store large capacities of sensitive file information, such as in healthcare.

More than ransomware

A more common benefit associated with object storage remains its nearly unlimited scalability, which in turn helps reduce the cost and complexity of high-capacity data storage. In addition to easing the burden of large content repositories, some object storage platforms, such as HCP, offer features tailored to the defense of sensitive information that goes beyond ransomware protection. These features include the ability to support encryption and then move encrypted content to the cloud, as well as tools to help aid in data compliance and governance.

Any IT organization dealing with the challenges of unstructured, or file, data growth should already be investigating object storage technology as part of their evaluation process for the future of their storage infrastructure. For those industries with compliance or governance concerns, or high levels of sensitive file data, however, object storage is now a must have. And if your industry has become target for ransomware attacks, object storage products that support immutability or versioning functionality can provide a critical tool to help ensure your company can recover from an attack and quickly get back to business as usual.

Join the conversation

2 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.